Closed earthlng closed 4 years ago
* `apz.allow_zooming_out`
  * Bug [1627010](https://bugzilla.mozilla.org/show_bug.cgi?id=1627010) - Disallow user from zooming out past initial zoom on desktop.
* `apz.axis_lock.mode`
  * Bug [1467380](https://bugzilla.mozilla.org/show_bug.cgi?id=1467380) - Default to sticky axis-lock.
* `apz.windows.use_direct_manipulation`
  * Bug [1630912](https://bugzilla.mozilla.org/show_bug.cgi?id=1630912). Create the necessary direct manipulation objects.
* `browser.aboutwelcome.overrideContent`
  * Bug [1637079](https://bugzilla.mozilla.org/show_bug.cgi?id=1637079) - Initial multi stage about:welcome layout
* `browser.contentblocking.report.endpoint_url`
  * Bug [1624969](https://bugzilla.mozilla.org/show_bug.cgi?id=1624969) - Update monitor card in the protections dashboard.
* `browser.contentblocking.report.monitor.home_page_url`
  * Bug [1624971](https://bugzilla.mozilla.org/show_bug.cgi?id=1624971) - Update Monitor card with new links.
* `browser.contentblocking.report.monitor.preferences_url`
  * Bug [1624971](https://bugzilla.mozilla.org/show_bug.cgi?id=1624971) - Update Monitor card with new links.
* `browser.fixup.domainsuffixwhitelist.example`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.domainsuffixwhitelist.internal`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.domainsuffixwhitelist.invalid`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.domainsuffixwhitelist.local`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.domainsuffixwhitelist.localhost`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.domainsuffixwhitelist.test`
  * Bug [1634650](https://bugzilla.mozilla.org/show_bug.cgi?id=1634650) - Add whitelisting of domain suffixes for URIFixup.
* `browser.fixup.fallback-to-https`
  * Bug [1002724](https://bugzilla.mozilla.org/show_bug.cgi?id=1002724) - add pref for fallback to https.
* `browser.helperApps.showOpenOptionForPdfJS`
  * Bug [1638682](https://bugzilla.mozilla.org/show_bug.cgi?id=1638682) - Enable the 'Show in Firefox' option in the Unknown Content Type dialog.
  * Bug [773942](https://bugzilla.mozilla.org/show_bug.cgi?id=773942) - Open PDFs using pdf.js in a new tab when the Preview option is selected from the Unknown Content Type dialog.
  * Bug [773942](https://bugzilla.mozilla.org/show_bug.cgi?id=773942) - Add a radio button to open the PDF in Firefox.
* `browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments`
  * Bug [1636324](https://bugzilla.mozilla.org/show_bug.cgi?id=1636324) - Show messaging-experiments messages in AS router devtools
  * Bug [1631456](https://bugzilla.mozilla.org/show_bug.cgi?id=1631456) - Create a CFR message loader for ExperimentAPI
* `browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible`
  * Bug [1642436](https://bugzilla.mozilla.org/show_bug.cgi?id=1642436) - Update default pref for collection dismiss.
  * Bug [1618944](https://bugzilla.mozilla.org/show_bug.cgi?id=1618944) - Pref for collection dismiss
* `browser.newtabpage.activity-stream.discoverystream.recs.personalized`
  * Bug [1645870](https://bugzilla.mozilla.org/show_bug.cgi?id=1645870) - individual newtab stories targeting prefs for spocs or recs.
* `browser.newtabpage.activity-stream.discoverystream.region-layout-config`
  * Bug [1632574](https://bugzilla.mozilla.org/show_bug.cgi?id=1632574) - Turn Pocket stories on by default in GB.
  * Bug [1613739](https://bugzilla.mozilla.org/show_bug.cgi?id=1613739) - Pref to switch story rows based on region
* `browser.newtabpage.activity-stream.discoverystream.region-stories-config`
  * Bug [1632574](https://bugzilla.mozilla.org/show_bug.cgi?id=1632574) - Turn Pocket stories on by default in GB.
  * Bug [1612984](https://bugzilla.mozilla.org/show_bug.cgi?id=1612984) - Enable regions that get stories via a pref
* `browser.newtabpage.activity-stream.discoverystream.spocs.personalized`
  * Bug [1645870](https://bugzilla.mozilla.org/show_bug.cgi?id=1645870) - individual newtab stories targeting prefs for spocs or recs.
* `browser.newtabpage.activity-stream.feeds.section.topstories`
  * Bug [1446276](https://bugzilla.mozilla.org/show_bug.cgi?id=1446276) - Separate pref for user set topstories and system set topstories.
* `browser.pdf.launchDefaultEdgeAsApp`
  * Bug [1632277](https://bugzilla.mozilla.org/show_bug.cgi?id=1632277) - Part 1: Launch PDFs in app mode when default.
* `browser.region.log`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
* `browser.region.network.scan`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
* `browser.region.network.url`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
* `browser.region.timeout`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
* `browser.search.modernConfig`
  * Bug [1635259](https://bugzilla.mozilla.org/show_bug.cgi?id=1635259) - Enable the modern search engine configuration on release.
  * Bug [1613348](https://bugzilla.mozilla.org/show_bug.cgi?id=1613348) - Turn on the modern Search Service configuration for nightly builds.
* `browser.urlbar.dnsResolveSingleWordsAfterSearch`
  * Bug [1642943](https://bugzilla.mozilla.org/show_bug.cgi?id=1642943) - Introduce a pref to control post-search DNS resolution of single word hosts.
* `browser.urlbar.maxHistoricalSearchSuggestions`
  * Bug [1643475](https://bugzilla.mozilla.org/show_bug.cgi?id=1643475) - Enable form history / historical searches on 78 release and put them behind the same prefs as remote suggestions.
  * Bug [1398416](https://bugzilla.mozilla.org/show_bug.cgi?id=1398416) - Part 3: Implement form history results.
* `browser.urlbar.openViewOnFocus`
  * Bug [1627989](https://bugzilla.mozilla.org/show_bug.cgi?id=1627989) - Remove the browser.urlbar.openViewOnFocus pref.
  * Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release.
* `browser.urlbar.richSuggestions.tail`
  * Bug [1626897](https://bugzilla.mozilla.org/show_bug.cgi?id=1626897) - Part 2 - Add support for tail suggestions to SearchSuggestionsController.jsm.
* `browser.urlbar.suggest.topsites`
  * Bug [1627858](https://bugzilla.mozilla.org/show_bug.cgi?id=1627858) - Add a user visible preference to disable Top Sites on focus.
* `devtools.accessibility.auto-init.enabled`
  * Bug [1602075](https://bugzilla.mozilla.org/show_bug.cgi?id=1602075) - add an accessibility-panel-auto-init feature to control the panel auto enabling functionality.
* `devtools.netmonitor.features.serverSentEvents`
  * Bug [1636420](https://bugzilla.mozilla.org/show_bug.cgi?id=1636420) - Connect SSE actor to the Message panel.
* `devtools.responsive.touchGestureSimulation.enabled`
  * Bug [1623941](https://bugzilla.mozilla.org/show_bug.cgi?id=1623941) - Part 1: Use nsDOMWindowUtils' sendNativeTouchPoint for simulating touch events
  * Bug [1489653](https://bugzilla.mozilla.org/show_bug.cgi?id=1489653) - Simulate double-tap gestures in RDM
* `doh-rollout.trr-selection.enabled`
  * Bug [1642723](https://bugzilla.mozilla.org/show_bug.cgi?id=1642723) - Pref-off automatic TRR-selection by default.
* `dom.ipc.cpows.forbid-unsafe-from-browser`
  * Bug [1640967](https://bugzilla.mozilla.org/show_bug.cgi?id=1640967) - Remove cpows preferences.
* `dom.link.disabled_attribute.enabled`
  * Bug [1640400](https://bugzilla.mozilla.org/show_bug.cgi?id=1640400) - Remove dom.link.disabled_attribute.enabled.
* `dom.quotaManager.storageName`
  * Bug [1624802](https://bugzilla.mozilla.org/show_bug.cgi?id=1624802) - Add a pref for overriding storage name
* `dom.sidebar.enabled`
  * Bug [1632447](https://bugzilla.mozilla.org/show_bug.cgi?id=1632447) - Disable window.external/sidebar.AddSearchProvider by preference.
* `editor.truncate_user_pastes`
  * Bug [1636855](https://bugzilla.mozilla.org/show_bug.cgi?id=1636855) - Enable `editor.truncate_user_pastes` even in Nightly channel.
  * Bug [1636855](https://bugzilla.mozilla.org/show_bug.cgi?id=1636855) - Disallow to paste longer text than `maxlength` value except in Nightly channel and early Beta.
  * Bug [1320229](https://bugzilla.mozilla.org/show_bug.cgi?id=1320229) - allow user pastes longer than input maxlength
* `extensions.abuseReport.openDialog`
  * Bug [1614653](https://bugzilla.mozilla.org/show_bug.cgi?id=1614653) - Remove the extensions.abuseReports.openDialog pref and the related implementation and XUL elements from about:addons.
  * Bug [1598079](https://bugzilla.mozilla.org/show_bug.cgi?id=1598079) - Turn abuseReport.openDialog on by default on all channels.
* `geo.provider-country.network.scan`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
  * Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code.
* `geo.provider-country.network.url`
  * Bug [1627538](https://bugzilla.mozilla.org/show_bug.cgi?id=1627538) - Extract getRegion into its own jsm
  * Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code.
* `gfx.webrender.quality.force-disable-sacrificing-subpixel-aa`
  * Bug [1635610](https://bugzilla.mozilla.org/show_bug.cgi?id=1635610) - Enable per scroll root picture cache slices by default.
* `gfx.webrender.quality.force-subpixel-aa-where-possible`
  * Bug [1635610](https://bugzilla.mozilla.org/show_bug.cgi?id=1635610) - Enable per scroll root picture cache slices by default.
* `identity.fxaccounts.useSessionTokensForOAuth`
  * Bug [1632557](https://bugzilla.mozilla.org/show_bug.cgi?id=1632557) - Add pref and logic for direct use of session tokens to provision OAuth tokens
* `image.avif.use-dav1d`
  * Bug [1639409](https://bugzilla.mozilla.org/show_bug.cgi?id=1639409) - AVIF (AV1 Image File Format): decode with dav1d.
* `javascript.options.shared_memory`
  * Bug [1606624](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) - Ship SharedArrayBuffer (and atomics) to Release
* `javascript.options.source_pragmas`
  * Bug [1628853](https://bugzilla.mozilla.org/show_bug.cgi?id=1628853) - Expose a feature flag to enable/disable //# sourceXX= parsing.
* `javascript.options.wasm_multi_value`
  * Bug [1620986](https://bugzilla.mozilla.org/show_bug.cgi?id=1620986) - Introduce run-time switch for multi-value.
* `layers.recycle-allocator-rdd`
  * Bug [1645579](https://bugzilla.mozilla.org/show_bug.cgi?id=1645579) - Disable RecycleAllocator for RDD process when WebRender is disabled on Mac.
* `layout.animation.prerender.viewport-ratio-limit`
  * Bug [1634616](https://bugzilla.mozilla.org/show_bug.cgi?id=1634616) - Calculate a perfect square based on the viewport size and rotate it to adjust the partial prerender area for rotation transforms.
* `layout.animation.prerender.viewport-ratio-limit-x`
  * Bug [1634616](https://bugzilla.mozilla.org/show_bug.cgi?id=1634616) - Calculate a perfect square based on the viewport size and rotate it to adjust the partial prerender area for rotation transforms.
* `layout.animation.prerender.viewport-ratio-limit-y`
  * Bug [1634616](https://bugzilla.mozilla.org/show_bug.cgi?id=1634616) - Calculate a perfect square based on the viewport size and rotate it to adjust the partial prerender area for rotation transforms.
* `layout.css.aspect-ratio.enabled`
  * Bug [1635939](https://bugzilla.mozilla.org/show_bug.cgi?id=1635939) - Let aspect-ratio (css-sizing-4) support 'auto | <ratio>'.
* `layout.css.aspect-ratio-number.enabled`
  * Bug [1635939](https://bugzilla.mozilla.org/show_bug.cgi?id=1635939) - Replace AspectRatio with computed::position::Ratio in media-queries.
* `layout.css.file-chooser-button.enabled`
  * Bug [1635675](https://bugzilla.mozilla.org/show_bug.cgi?id=1635675) - Implement the ::file-chooser-button pseudo-element.
* `layout.css.font-visibility.level`
  * Bug [1634677](https://bugzilla.mozilla.org/show_bug.cgi?id=1634677) - patch 1 - Add a pref to control visibility of different categories of installed font families.
* `layout.css.is-where-selectors.enabled`
  * Bug [1632646](https://bugzilla.mozilla.org/show_bug.cgi?id=1632646) - Enable :is() and :where() in all release channels.
  * Bug [1509418](https://bugzilla.mozilla.org/show_bug.cgi?id=1509418) - Enable the feature in Nightly.
  * Bug [1629735](https://bugzilla.mozilla.org/show_bug.cgi?id=1629735) - Implement parsing / selector-matching for :is() and :where().
* `layout.css.moz-document.url-prefix-hack.enabled`
  * Bug [1449753](https://bugzilla.mozilla.org/show_bug.cgi?id=1449753) - Remove the @-moz-document url-prefix() hack preference, enable it everywhere.
* `layout.css.moz-focus-outer.enabled`
  * Bug [1636998](https://bugzilla.mozilla.org/show_bug.cgi?id=1636998) - Make ::-moz-focus-outer a no-op, and remove it on Nightly.
* `layout.dynamic-toolbar-max-height`
  * Bug [1640223](https://bugzilla.mozilla.org/show_bug.cgi?id=1640223) - Expand the given size in ExpandHeightForViewportUnits by multiplying the 'vh value / visible area height'.
* `media.autoplay.blocking_policy`
  * Bug [1509933](https://bugzilla.mozilla.org/show_bug.cgi?id=1509933) - part1 : add new pref 'media.autoplay.blocking_policy'.
* `media.autoplay.enabled.user-gestures-needed`
  * Bug [1509933](https://bugzilla.mozilla.org/show_bug.cgi?id=1509933) - part1 : add new pref 'media.autoplay.blocking_policy'.
* `media.cubeb.output_voice_routing`
  * Bug [1626081](https://bugzilla.mozilla.org/show_bug.cgi?id=1626081) - Add a pref to disable the audio output stream routing on Android.
* `media.getusermedia.aecm_output_routing`
  * Bug [1626081](https://bugzilla.mozilla.org/show_bug.cgi?id=1626081) - Set and add a way to change the default routing mode for echo cancellation on mobile.
* `media.getusermedia.experimental_input_processing`
  * Bug [1628779](https://bugzilla.mozilla.org/show_bug.cgi?id=1628779) - Pass the audio rountrip latency to the echo canceller, and disable extended filter and delay agnostic AEC, on macOS Nightly.
* `media.navigator.audio.full_duplex`
  * Bug [1638832](https://bugzilla.mozilla.org/show_bug.cgi?id=1638832) - Remove unused full duplex code
* `media.peerconnection.video.use_rtx`
  * Bug [1638758](https://bugzilla.mozilla.org/show_bug.cgi?id=1638758) - Turn off just-added media.peerconnection.video.use_rtx in nightly.
  * Bug [1632489](https://bugzilla.mozilla.org/show_bug.cgi?id=1632489) - Enable rtx for early beta or earlier; Backed out 4 changesets (bug [1632489](https://bugzilla.mozilla.org/show_bug.cgi?id=1632489)) for android crashes at test_peerConnection_maxFsConstraint.html. CLOSED TREE
  * Bug [1164187](https://bugzilla.mozilla.org/show_bug.cgi?id=1164187) - Add pref for rtx
* `network.dns.disabled`
  * Bug [1636411](https://bugzilla.mozilla.org/show_bug.cgi?id=1636411) - Allow disabling DNS resolution via pref
* `network.http.sanitize-headers-in-logs`
  * Bug [1642318](https://bugzilla.mozilla.org/show_bug.cgi?id=1642318) - network.http.sanitize-headers-in-logs should be RelaxedAtomicBool
  * Bug [1637727](https://bugzilla.mozilla.org/show_bug.cgi?id=1637727) - convert network.http.sanitize-headers-in-logs to a StaticPref.
* `network.send_ODA_to_content_directly`
  * Bug [1623380](https://bugzilla.mozilla.org/show_bug.cgi?id=1623380) - Send ODA directly to content process
* `network.trr.resolvers`
  * Bug [1644444](https://bugzilla.mozilla.org/show_bug.cgi?id=1644444) - Update NextDNS endpoint URL and migrate pref values.
  * Bug [1588647](https://bugzilla.mozilla.org/show_bug.cgi?id=1588647) - [trr] Add NextDNS to list of TRR providers
* `pdfjs.handleOctetStream`
  * Bug [1633270](https://bugzilla.mozilla.org/show_bug.cgi?id=1633270) - view application/octet-stream PDFs in PDF.JS and add a pref to turn this off
* `permissions.postPrompt.animate`
  * Bug [1636112](https://bugzilla.mozilla.org/show_bug.cgi?id=1636112) - Make post-prompt animation obey prefers-reduced-motion.
* `privacy.dynamic_firstparty.use_site`
  * Bug [1637516](https://bugzilla.mozilla.org/show_bug.cgi?id=1637516) - part 2: make first-party domain support site
* `privacy.firstparty.isolate.use_site`
  * Bug [1637516](https://bugzilla.mozilla.org/show_bug.cgi?id=1637516) - part 2: make first-party domain support site
* `privacy.partition.network_state`
  * Bug [1639247](https://bugzilla.mozilla.org/show_bug.cgi?id=1639247) - Isolate DNS cache per first-party when privacy.partition.network_state is set to true - part 1 - new pref
* `privacy.rejectForeign.allowList`
  * Bug [1635050](https://bugzilla.mozilla.org/show_bug.cgi?id=1635050) - Implement a whitelist system for cookieBehavior REJECT_FOREIGN with exceptions
* `privacy.resistFingerprinting.randomDataOnCanvasExtract`
  * Bug [1638211](https://bugzilla.mozilla.org/show_bug.cgi?id=1638211) - Make privacy.resistFingerprinting.randomDataOnCanvasExtract a RelaxedAtomicBool
  * Bug [1621433](https://bugzilla.mozilla.org/show_bug.cgi?id=1621433) - In RFP mode, turn canvas image extraction into a random 'poison pill' for fingerprinters
* `security.allow_disjointed_external_uri_loads`
  * Bug [1606797](https://bugzilla.mozilla.org/show_bug.cgi?id=1606797) - do not allow navigating to external URIs in cross-origin disjoint browsing contexts
* `security.allow_unsafe_parent_loads`
  * Bug [1637869](https://bugzilla.mozilla.org/show_bug.cgi?id=1637869) - P4. Access pref via staticpref.
* `security.cancel_non_local_loads_triggered_by_systemprincipal`
  * Bug [1613609](https://bugzilla.mozilla.org/show_bug.cgi?id=1613609) - prototype patch with whitelist for sysrequest
* `security.osreauthenticator.blank_password`
  * Bug [1633090](https://bugzilla.mozilla.org/show_bug.cgi?id=1633090) - Cache the result of the empty password checks.
* `security.osreauthenticator.password_last_changed_hi`
  * Bug [1633090](https://bugzilla.mozilla.org/show_bug.cgi?id=1633090) - Cache the result of the empty password checks.
* `security.osreauthenticator.password_last_changed_lo`
  * Bug [1633090](https://bugzilla.mozilla.org/show_bug.cgi?id=1633090) - Cache the result of the empty password checks.
* `security.ssl3.dhe_rsa_aes_128_sha`
  * Bug [1496639](https://bugzilla.mozilla.org/show_bug.cgi?id=1496639) - Disable DHE ciphers by default.
* `security.ssl3.dhe_rsa_aes_256_sha`
  * Bug [1496639](https://bugzilla.mozilla.org/show_bug.cgi?id=1496639) - Disable DHE ciphers by default.
* `security.tls.version.min`
  * Bug [1643229](https://bugzilla.mozilla.org/show_bug.cgi?id=1643229) - Disable TLS 1.0 in release channels
  * Bug [1626495](https://bugzilla.mozilla.org/show_bug.cgi?id=1626495) - Re-enable TLS 1.0 for release
  * Bug [1623536](https://bugzilla.mozilla.org/show_bug.cgi?id=1623536) - Re-enable TLS 1.0
  * Bug [1606734](https://bugzilla.mozilla.org/show_bug.cgi?id=1606734) - Disable TLS 1.0 and 1.1 by default
* `toolkit.asyncshutdown.report_writes_after`
  * Bug [1610134](https://bugzilla.mozilla.org/show_bug.cgi?id=1610134): Part 2: Increase timeout pref that turns on late write checking
  * Bug [1610134](https://bugzilla.mozilla.org/show_bug.cgi?id=1610134): Part 1: add timeout pref that turns on late write checking to see if it's possible to crash browser earlier.
* `toolkit.cosmeticAnimations.enabled`
  * Bug [1640501](https://bugzilla.mozilla.org/show_bug.cgi?id=1640501) - Remove toolkit.cosmeticAnimations.enabled from all.js.
* `webextensions.storage.sync.kinto`
  * Bug [1623245](https://bugzilla.mozilla.org/show_bug.cgi?id=1623245) - A new browser.storage.sync local storage implementation, pref'd off.
  * Bug [1642271](https://bugzilla.mozilla.org/show_bug.cgi?id=1642271) - don't sync the webextensions.storage.sync.kinto preference.
  * Bug [1635352](https://bugzilla.mozilla.org/show_bug.cgi?id=1635352) (part 1) - Add a new bridged extension-storage engine.

@earthlng why was this pulled out for action? sorry, I haven't looked at it yet
pref("browser.urlbar.suggest.topsites", true);
the rest: anyone who wants to do some homework, dig in
1. pref("browser.fixup.fallback-to-https", true);
2. pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 1);
3. pref("layout.css.font-visibility.level", 3);
4. pref("network.dns.disabled", false);
5. pref("privacy.dynamic_firstparty.use_site", true);
6. pref("privacy.firstparty.isolate.use_site", false);
7. pref("privacy.partition.network_state", false);
how does this sound?
* `1` sounds good at default -> ignore?
* `2` i need to refresh, but I think we want to change this so single words do not search
* `3` NFI, I was just intrigued what it means
* `4` ?
* `5+6+7`: leave them alone for Mozilla to set
* `2` i need to refresh, but I think we want to change this so single words do not search
Leaving it set to 1 uses internal Firefox heuristics to determine whether the word gets resolved or not, setting it to 2 will always resolve the single word and setting to 0 will never resolve the single word.
I suggest something like this:
```js
/* 0850a: disable location bar suggestion types
 * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/
   // user_pref("browser.urlbar.suggest.history", false);
   // user_pref("browser.urlbar.suggest.bookmark", false);
   // user_pref("browser.urlbar.suggest.openpage", false);
   // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
```
Personally I have the last line uncommented.
Edit: Sorry, my bad. Should have checked it before posting. Search engine keywords work no matter what.

Edit 2: The above deals with the visibility of the topsites. However there's also "browser.newtabpage.activity-stream.feeds.system.topsites". We probably need to deal with that, too. :(
3:

```yaml
# Visibility level of font families available to CSS font-matching:
#   1 - only base system fonts
#   2 - also fonts from optional language packs
#   3 - also user-installed fonts
```

Source: https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#5753
4: leave `false`. It disables DNS queries to upstream server i.e. you can use the internet.
OMG. They did it again. Completely blocked every last possibility to disable indexedDB in Firefox. Private browsing mode does not help anymore. Replacing the folder "storage" with an empty file named "storage" breaks browser functionality: urlbar does not work, searchbar on about:home does not work, right-click on some pages shows several dozen options. They did it on purpose. It is the end. If I don't find any loophole that is still open. I'm tired of playing cat and mouse with them.
@Thorin-Oakenpants I edited my posts above before you committed yesterday but seemingly you didn't see it early enough. Sorry for that!
I also read the code for browser.urlbar.dnsResolveSingleWordsAfterSearch. Currently there's no heuristic at all (bug 1642623), i.e. 1=2='always resolve' for now. In the future they want to check the user's host file or if DOH is used, etc.
I just mentioned DoH and host file checking because Mozilla plans including it in the heuristic they want to implement for browser.urlbar.dnsResolveSingleWordsAfterSearch in future versions. In other words, another suggestion:
```js
/* 07XX: DNS: resolve single words after search [FF78+]
 * Necessary if you need to connect to local networks with single word names but also leaks the input to your DNS-provider
 * 0=never, 1=heuristic (default), 2=always
 * (For FF78 1 and 2 are the same and always resolve but that will change in future versions)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1642623 ***/
   // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
```
OMG YES! no expanding urlbar anymore in FF78 with ui.prefersReducedMotion=1! Hallelujah! Thank you black Jesus :)
1
sounds good at default -> ignore?
yes.
`browser.urlbar.dnsResolveSingleWordsAfterSearch` fits better in 0800 than 0700 IMO. I wonder if we really need this though when we already have `keyword.enabled=false`? @guser-sudo, do you know?
Either way, we should probably add it just in case (active with value 0).
AFAIK 5 + 6 control what's used as the origin attribute for 1st-party isolation. dFPI will now use "site" whereas FPI will remain just domain. A bit weird that they use different OAs but I guess it's best to not mess with it at this point because IDK if all the things isolated by FPI will still work with "site" instead of domain.
FYI: `layout.css.font-variations.enabled` is locked

is that related to `layout.css.font-visibility.level` at all?
`layout.css.font-visibility.level` looks nice at first glance but doesn't it just add another vector to detect locale?
Like, fe on my system the arabic fonts are "hidden" in my OS and font-visibility.level=1 would make them not accessible for CSS anymore but someone with an `en-US` FF (spoofed or not) on an OS in arabic would have those fonts exposed in the list. I don't see how this improves privacy TBH
`layout.css.font-variations.enabled` is related to https://developer.mozilla.org/en-US/docs/Web/CSS/font-variation-settings. Not sure it figures into any privacy related stuff..
`browser.urlbar.dnsResolveSingleWordsAfterSearch` fits better in 0800 than 0700 IMO. I wonder if we really need this though when we already have `keyword.enabled=false`? @guser-sudo, do you know? Either way, we should probably add it just in case (active with value 0).
I monitored my DNS-traffic: `keyword.enabled=false` still causes a DNS-lookup, `browser.urlbar.dnsResolveSingleWordsAfterSearch=0` does not.
Thanks for testing @guser-sudo!
`keyword.enabled=false` still causes a DNS-lookup,
yeah but isn't that because it tries to access that "keyword" as a hostname? Unless you previously accessed that hostname and therefore still have it in your MAC or DNS cache, that access would necessarily require a dns lookup, right?
ie, with keyword.enabled=false, when I enter "pants" in the urlbar it'll try to access http://pants/. I don't think there's any way to stop that.
So, as I understand it, dnsResolveSingleWordsAfterSearch=0 only makes sense with keyword.enabled=true ie you always want to search for single words and never try to resolve it as a hostname.
what does heuristics actually mean?
they haven't decided yet. https://bugzilla.mozilla.org/show_bug.cgi?id=1642623#c8 lists some of their ideas atm:
- user is using DOH
- /etc/hosts only contains localhost
- no policies are in use
- the computer is not enrolled in a domain
@earthlng
Yes, with `keyword.enabled=false` the default setting `browser.urlbar.dnsResolveSingleWordsAfterSearch=1` is sufficient which should prevent (hopefully most) typos from being externally resolved when the heuristic has landed.
@Thorin-Oakenpants
That pref seems to be the AS of `browser.urlbar.suggest.topsites`. They do almost the same however I don't know the exact differences. Still investigating if both are needed or only one of them.
What happened to the `browser.urlbar.dnsResolveSingleWordsAfterSearch` comments?
maybe something like this for dnsResolveSingleWordsAfterSearch:
```js
/* 0811: disable location bar leaking single words to DNS provider when keywords (0801) are enabled [FF78+]
 * 0=never resolve single words, 1=heuristic (default), 2=always resolve
 * (For FF78 value 1 and 2 are the same and always resolve but that will change in future versions)
 * [1] https://bugzilla.mozilla.org/1642623 ***/
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
```
IDK if we need to explain more than that, fe that with keywords disabled all single words are treated as hostnames and could "leak" (unless you have them in your hosts file (and don't use DOH because DOH currently doesn't check hosts)).
We can also add `network.dns.disabled` as optional defense-in-depth to prevent any potential DNS leaks for proxy/tor users.
Firefox 78.0.1 with no proxy here. I tested setting network.dns.disabled to true and I wasn't surprised more than that with the effect : no connection. My understanding of English is sometimes approximate so if my above comment initiates hilarity I won't feel excessively ashamed!
Did anyone notice the DNS leak when `dnsResolveSingleWordsAfterSearch = 1`?
I do use `keyword.enabled = true` and no single word DNS leak is visible here.
@crssi Yes, I can see it when logging my DNS queries. It happens after a single word search like 'cat' when firefox asks you if you want to open http://cat instead.
@Thorin-Oakenpants wrote above, concerning network.dns.disabled
If we add network.dns.disabled it would be inactive, but I'm wondering what other use cases it has: e.g. VPNs with their own DNS servers. What about if you use DoH? So it's basically an off switch if any of the DNS alternatives fail. But I'm struggling to think of any other use cases.
I linger as well to understand this setting's pertinence. No VPN here and no FF TRR, DNS is resolved with DNSCrypt-proxy (hence its own DNS servers). Maybe makes sense with FF's DoH (TRR)? I'm really looking forwards to understand why/where the setting is useful.
I just turned on `browser.fixup.alternate.enabled` for testing but it doesn't work and always causes a search instead. Am I missing something or is it broken?
@guser-sudo I see what you mean, but there is no such query here... In wireshark I can see only request for a search on DDG. Will try to find out today afternoon what I have different in setup. Will report back later.
* [NOTE] disabling location bar search also has the same effect (see 0801)
I wouldn't call it the same effect: It prevents the search and does a DNS lookup because you probably want to reach a local resource.
`browser.urlbar.dnsResolveSingleWordsAfterSearch` decides whether after a search you want to be given the opportunity to reach a local resource instead.
I read that as you can only disable the single dns leak if you also have 0801 enabled
that's exactly how it's meant to be read :)
type "pants" and hit enter and it just goes straight to an error page.
yeah but after it tried to resolve pants ie dns leak
@crssi are you sure you didn't send the single word to your search engine ie something like "d word"? The leak only happens if you enter a single word without a search-engine keyword/letter
I never use `search-engine keyword/letter`.
I have built a new profile from scratch. And everything is as you say and cannot reproduce.
I must have done something in my work profile that I am not aware of, since there I have no leakage and the `browser.urlbar.dnsResolveSingleWordsAfterSearch = 1`.... it is strange, but it is just part of my fckedup profile.
Will try to get to the bottom of it later, just out of curiosity.
Update: Forget I have written anything, just can't reproduce anymore and I have no clue why is that.
this is what the prompt looks like:
But the prompt only shows up if the DNS lookup actually found a host with that name. That's why I used `localhost`.
The way I tested it was a new fresh profile with the latest user.js, (optional: change default search engine to the builtin DDG), then in about:config change `keyword.enabled` to true and set `browser.fixup.domainwhitelist.localhost` to false.
This is just to illustrate the prompt though - the DNS leak doesn't really happen here because localhost is in everyone's hosts file and that's looked up prior to any remote DNS lookup. (unless you use FF's DoH!)
With that test environment now in place you can test when (or not) the prompt shows up, ie search buttons etc. If it doesn't show up it most likely means the DNS lookup didn't happen but I haven't verified that with wireshark or similar. BUT just make sure you never click the "Yes, take me to ..." button because that will set a pref and mess up further testing!
In my test it apparently didn't try a DNS lookup when I clicked one of the one-off search buttons to trigger the search nor when I used a search-engine keyword/letter.
FYI `secretplace,com` is considered a single word too. Probably everything without a space is a single word.
I hope this helps
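
The pref interaction worked out in the comments above, as an added example that is not part of the original thread or the project's user.js: a small JavaScript audit that reads a user.js and reports whether a single word typed in the urlbar reaches DNS. The function names and the sample profiles are constructed here, and the decision table encodes only the FF78 behaviour the commenters report (values 1 and 2 both resolve).

```javascript
// Defaults as quoted in this thread; keyword.enabled defaults to true in Firefox.
const DEFAULTS = {
  "keyword.enabled": true,
  "browser.urlbar.dnsResolveSingleWordsAfterSearch": 1,
  "network.dns.disabled": false,
};

// Collect active user_pref() lines. Block comments and lines commented out
// with // are skipped, so an inactive pref falls back to its default.
function parseUserJs(text) {
  const prefs = new Map();
  const withoutBlocks = text.replace(/\/\*[\s\S]*?\*\//g, "");
  const re = /^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/gm;
  for (const [, name, raw] of withoutBlocks.matchAll(re)) {
    let value;
    if (raw === "true" || raw === "false") value = raw === "true";
    else if (/^-?\d+$/.test(raw)) value = Number(raw);
    else value = raw.replace(/^"|"$/g, "");
    prefs.set(name, value); // the last occurrence wins
  }
  return prefs;
}

// Decision table for a single word entered without a search-engine keyword.
function singleWordDnsExposure(prefs) {
  const get = (name) => (prefs.has(name) ? prefs.get(name) : DEFAULTS[name]);
  if (get("network.dns.disabled") === true) {
    return { lookup: "none", reason: "DNS resolution is disabled by pref" };
  }
  if (get("keyword.enabled") === false) {
    return { lookup: "as-hostname", reason: "no urlbar search: the word is loaded as http://word/" };
  }
  const mode = get("browser.urlbar.dnsResolveSingleWordsAfterSearch");
  if (mode === 0) {
    return { lookup: "none", reason: "the word only goes to the search engine" };
  }
  if (mode === 1 || mode === 2) {
    return { lookup: "after-search", reason: "FF78 resolves the word after the search (1 behaves like 2)" };
  }
  return { lookup: "unknown", reason: `unexpected pref value ${String(mode)}` };
}

// Constructed sample profiles (not taken from any real user.js).
const SAMPLES = {
  "0811 active, search on": `
/* 0801: location bar search left enabled in this sample ***/
user_pref("keyword.enabled", true);
/* 0811: [FF78+] ***/
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
`,
  "0811 inactive, search on": `
user_pref("keyword.enabled", true);
/* 0811: [FF78+]
 * user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); ***/
   // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
`,
  "search off": `
user_pref("keyword.enabled", false);
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
`,
  "dns disabled": `
user_pref("keyword.enabled", false);
user_pref("network.dns.disabled", true); // defense-in-depth for proxy users
`,
};

// Map each sample name to its lookup verdict.
function auditAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, text]) => [
      name,
      singleWordDnsExposure(parseUserJs(text)).lookup,
    ])
  );
}

console.log(auditAll(SAMPLES));
```

The "search off" profile shows why the 0811 comment ties the pref to 0801: with `keyword.enabled=false` the value 0 changes nothing, because the word is resolved as a hostname before any search could happen.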
Does anyone care about adding

* `network.dns.disabled`

Does anyone care about adding these as true, now we know what they do (inactive)

* `privacy.partition.network_state`
* `privacy.firstparty.isolate.use_site`

Does anyone care about 2200

* `dom.disable_window_open_feature` - see 1507375, compat

I tried doing various tests here, and I have my own tests, and I just don't get it. I can still remove all those items: menubar, personalbar and toolbar (but I can't add them?). I also got some really whacked out results, where I loaded the test in a popup and the changes were being applied to the parent window (and I could show/hide things like the menu, toolbar etc)
I just don't know if I can be fucked dealing with this mess
Does anyone care about

`network.dns.disabled`: No

`privacy.partition.network_state`: IDK what it does, the only thing I found was the linked ticket.

```js
/* 400x: Isolate DNS cache per first-party [FF78+] ***/
   // user_pref("privacy.partition.network_state", true);
```

`privacy.firstparty.isolate.use_site`: I do some testing

```js
/* 400x: Isolate by site and not by domain [FF78+] ***/
   // user_pref("privacy.firstparty.isolate.use_site", true);
```
`privacy.partition.network_state`: IDK what it does, the only thing I found was the linked ticket
It is being used to isolate some things that FPI didn't. Maybe they'll even move things to use this so it's simpler from an engineering point of view. Here is the meta ticket
FPI was going to isolate font cache (pretty sure this is the graphics card cache) - that was 1560580, but this has been dropped and instead is covered with `privacy.partition.network_state` (see 1647732), but that's not until FF80
"Network" being distinct from web content : "This leaves storage, permissions, cookie jars etc alone but isolates cached and network stuff by site. Nothing that should be observable to a website (except through side channels.)"
We certainly don't need to add any of these for this release, but probably will at some point. And at that point when they are ready to use (bugs), they will most likely be flipped
FF78 is scheduled for release June 30th
- FF78 release notes [when ready]
- FF78 for developers
- FF78 compatibility
- FF78 security advisories
other
- `ui.prefersReducedMotion=1` - https://github.com/ghacksuserjs/ghacks-user.js/commit/3d18af19e3936beecca8506dc57319a428b98dc2
- 2200: `dom.disable_window_open_feature` - see 1507375, compat

100 diffs ( 63 new, 19 gone, 18 different )
new in v78.0:
sites instead of domains
sites instead of domains
removed, renamed or hidden in v78.0:
ALL DONE
- https://github.com/ghacksuserjs/ghacks-user.js/commit/77ecef8be3a0a6b1a0f32c9d9ef501478065b00f

2031
pref("media.autoplay.enabled.user-gestures-needed", true); - 1509933
5000's
pref("toolkit.cosmeticAnimations.enabled", true); - 1640501

changed in v78.0:
1202
pref("security.tls.version.min", 3); // prev: 1
1263
pref("security.ssl3.dhe_rsa_aes_128_sha", false); // prev: true
1263
pref("security.ssl3.dhe_rsa_aes_256_sha", false); // prev: true
0105c
pref("browser.newtabpage.activity-stream.feeds.section.topstories", true); // prev: false

ignore
click me for details
==NEW
```js
pref("apz.allow_zooming_out", false);
pref("apz.windows.use_direct_manipulation", false);
pref("browser.aboutwelcome.overrideContent", "");
pref("browser.contentblocking.report.endpoint_url", "https://monitor.firefox.com/user/breach-stats?includeResolved=true");
pref("browser.contentblocking.report.monitor.home_page_url", "https://monitor.firefox.com/user/dashboard");
pref("browser.contentblocking.report.monitor.preferences_url", "https://monitor.firefox.com/user/preferences");
pref("browser.fixup.domainsuffixwhitelist.example", true);
pref("browser.fixup.domainsuffixwhitelist.internal", true);
pref("browser.fixup.domainsuffixwhitelist.invalid", true);
pref("browser.fixup.domainsuffixwhitelist.local", true);
pref("browser.fixup.domainsuffixwhitelist.localhost", true);
pref("browser.fixup.domainsuffixwhitelist.test", true);
pref("browser.fixup.fallback-to-https", true);
pref("browser.helperApps.showOpenOptionForPdfJS", true);
pref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false);
pref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", true);
pref("browser.newtabpage.activity-stream.feeds.system.topsites", true);
pref("browser.newtabpage.activity-stream.feeds.system.topstories", false);
pref("browser.pdf.launchDefaultEdgeAsApp", true);
pref("browser.region.log", false);
pref("browser.region.network.scan", false);
pref("browser.region.network.url", "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%");
pref("browser.region.timeout", 5000);
pref("browser.urlbar.richSuggestions.tail", false);
pref("devtools.accessibility.auto-init.enabled", false);
pref("devtools.netmonitor.features.serverSentEvents", false);
pref("doh-rollout.trr-selection.enabled", false);
pref("dom.quotaManager.storageName", "storage");
pref("gfx.webrender.quality.force-subpixel-aa-where-possible", false);
pref("identity.fxaccounts.useSessionTokensForOAuth", true);
pref("image.avif.use-dav1d", true);
pref("javascript.options.source_pragmas", true);
pref("javascript.options.wasm_multi_value", true);
pref("layers.recycle-allocator-rdd", true);
pref("layout.animation.prerender.viewport-ratio-limit", "1.125");
pref("layout.css.aspect-ratio.enabled", false);
pref("layout.css.file-chooser-button.enabled", false);
pref("layout.css.moz-focus-outer.enabled", true);
pref("layout.dynamic-toolbar-max-height", 0);
pref("media.cubeb.output_voice_routing", true);
pref("media.getusermedia.aecm_output_routing", 3);
pref("media.getusermedia.experimental_input_processing", false);
pref("media.peerconnection.video.use_rtx", false);
pref("network.http.sanitize-headers-in-logs", true);
pref("network.send_ODA_to_content_directly", true);
pref("pdfjs.handleOctetStream", true);
pref("privacy.rejectForeign.allowList", "");
pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true);
pref("security.allow_disjointed_external_uri_loads", false);
pref("security.allow_unsafe_parent_loads", false);
pref("security.cancel_non_local_loads_triggered_by_systemprincipal", false);
pref("security.osreauthenticator.blank_password", false);
pref("security.osreauthenticator.password_last_changed_hi", 0);
pref("security.osreauthenticator.password_last_changed_lo", 0);
pref("webextensions.storage.sync.kinto", true);
```

==REMOVED or HIDDEN
```js
pref("browser.urlbar.openViewOnFocus", true);
pref("devtools.responsive.touchGestureSimulation.enabled", false);
pref("dom.ipc.cpows.forbid-unsafe-from-browser", true);
pref("dom.ipc.cpows.log.enabled", false);
pref("dom.ipc.cpows.log.stack", false);
pref("dom.link.disabled_attribute.enabled", true);
pref("extensions.abuseReport.openDialog", true);
pref("geo.provider-country.network.scan", false);
pref("geo.provider-country.network.url", "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%");
pref("gfx.webrender.quality.force-disable-sacrificing-subpixel-aa", false);
pref("layout.animation.prerender.viewport-ratio-limit-x", "1.125");
pref("layout.animation.prerender.viewport-ratio-limit-y", "1.125");
pref("layout.css.aspect-ratio-number.enabled", false);
pref("layout.css.moz-document.url-prefix-hack.enabled", true);
pref("media.navigator.audio.full_duplex", true);
pref("network.preload-experimental", false);
pref("permissions.postPrompt.animate", true);
```

==CHANGED
```js
pref("app.update.url.manual", "https://www.mozilla.org/%LOCALE%/firefox/"); // prev: "https://www.mozilla.org/firefox/"
pref("apz.axis_lock.mode", 2); // prev: 0
pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"snippets\",\"cfr-fxa\",\"aboutwelcome\"],\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"snippets\",\"cfr-fxa\"],\"updateCycleInMs\":3600000}"
pref("browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible", true); // prev: false
pref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", "US,CA,GB"); // prev: "US,CA"
pref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", "US,DE,CA,GB"); // prev: "US,DE,CA"
pref("browser.search.modernConfig", true); // prev: false
pref("browser.urlbar.maxHistoricalSearchSuggestions", 2); // prev: 0
pref("dom.sidebar.enabled", false); // prev: true
pref("editor.truncate_user_pastes", true); // prev: false
pref("javascript.options.shared_memory", true); // prev: false
pref("layout.css.is-where-selectors.enabled", true); // prev: false
pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" },{ \"name\": \"NextDNS\", \"url\": \"https://firefox.dns.nextdns.io/\" }]"); // prev: "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" },{ \"name\": \"NextDNS\", \"url\": \"https://trr.dns.nextdns.io/\" }]"
pref("toolkit.asyncshutdown.report_writes_after", 40000); // prev: 20000
```
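An added example, not part of the original thread or the ghacks-user.js project: one way to produce a NEW / REMOVED / CHANGED listing like the one above from two default-pref dumps, so security-relevant default changes (such as `security.tls.version.min`) stand out. The function names `parsePrefs` and `diffPrefs` are hypothetical, and the two inputs are constructed from a few prefs in the listing.

```javascript
// Added example: classify default-pref changes between two Firefox versions.
// Matches pref("name", value); where value is a string, boolean or integer.
const PREF_RE = /^\s*pref\("((?:[^"\\]|\\.)+)",\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\);/;

function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split("\n")) {
    const m = PREF_RE.exec(line);
    if (m) prefs.set(m[1], m[2]); // keep the literal as written, quotes included
  }
  return prefs;
}

function diffPrefs(oldText, newText) {
  const before = parsePrefs(oldText);
  const after = parsePrefs(newText);
  const out = { added: [], removed: [], changed: [] };
  for (const [name, value] of after) {
    if (!before.has(name)) {
      out.added.push(`pref("${name}", ${value});`);
    } else if (before.get(name) !== value) {
      out.changed.push(`pref("${name}", ${value}); // prev: ${before.get(name)}`);
    }
  }
  for (const [name, value] of before) {
    if (!after.has(name)) out.removed.push(`pref("${name}", ${value});`);
  }
  for (const list of Object.values(out)) list.sort();
  return out;
}

// Constructed inputs: a handful of prefs taken from the listing above.
const v77 = String.raw`
pref("security.tls.version.min", 1);
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("dom.sidebar.enabled", true);
pref("network.preload-experimental", false);
pref("keyword.enabled", true);
`;
const v78 = String.raw`
pref("security.tls.version.min", 3);
pref("security.ssl3.dhe_rsa_aes_128_sha", false);
pref("dom.sidebar.enabled", false);
pref("browser.fixup.fallback-to-https", true);
pref("layout.animation.prerender.viewport-ratio-limit", "1.125");
pref("keyword.enabled", true);
`;

const result = diffPrefs(v77, v78);
console.log(JSON.stringify(result, null, 2));
```

Unchanged prefs (here `keyword.enabled`) are left out of the result, which keeps the output limited to what needs review.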